Techniques for lawful interception in wireless networks

ABSTRACT

An embodiment of the present invention provides an apparatus, comprising a transceiver operable in a wireless network, wherein the transceiver is configured to enable wireless interception by a predetermined third party without the knowledge of a user of said transceiver.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. Provisional Patent Application Ser. No. 60/943,866, entitled, “TECHNIQUES FOR LAWFUL INTERCEPTION IN WIRELESS NETWORKS” filed 14 Jun. 2007, by Muthaiah Venkatachalam et al.

BACKGROUND

Lawful interception is a critical component of any mobile network in most countries. For example, in the United States, the Federal Communications Commission has mandated Communications Assistance for Law Enforcement Act (CALEA) for this purpose. The main requirement for this would be that the data/VOIP sessions from a mobile station (MS) can be wiretapped by law enforcement without the knowledge of the MS/user that his data is being tapped.

Thus, a strong need exists for techniques for lawful interception in wireless networks.

BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanying drawings in which:

FIG. 1 provides an illustration depicting a lawful interception architecture for a WiMAX network in an embodiment of the present invention; and

FIG. 2 shows a method for lawful interception in accordance with an embodiment of the invention.

It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements are exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals have been repeated among the figures to indicate corresponding or analogous elements.

DETAILED DESCRIPTION

In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.

In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those of ordinary skill in the art that the invention may be practiced without these specific details. In other instances, well-known methods, procedures, components, units and/or circuits have not been described in detail so as not to obscure the invention.

Embodiments of the invention may be used in a variety of applications. Some embodiments of the invention may be used in conjunction with various devices and systems, for example, a transmitter, a receiver, a transceiver, a transmitter-receiver, a wireless communication station, a wireless communication device, a wireless Access Point (AP), a modem, a wireless modem, a Personal Computer (PC), a desktop computer, a mobile computer, a laptop computer, a notebook computer, a tablet computer, a server computer, a handheld computer, a handheld device, a Personal Digital Assistant (PDA) device, a handheld PDA device, a network, a wireless network, a Local Area Network (LAN), a Wireless LAN (WLAN), a Metropolitan Area Network (MAN), a Wireless MAN (WMAN), a Wide Area Network (WAN), a Wireless WAN (WWAN), devices and/or networks operating in accordance with existing IEEE 802.11, 802.11a, 802.11b, 802.11e, 802.11g, 802.11h, 802.11i, 802.11n, 802.16, 802.16d, 802.16e standards and/or future versions and/or derivatives and/or Long Term Evolution (LTE) of the above standards, a Personal Area Network (PAN), a Wireless PAN (WPAN), units and/or devices which are part of the above WLAN and/or PAN and/or WPAN networks, one way and/or two-way radio communication systems, cellular radio-telephone communication systems, a cellular telephone, a wireless telephone, a Personal Communication Systems (PCS) device, a PDA device which incorporates a wireless communication device, a Multiple Input Multiple Output (MIMO) transceiver or device, a Single Input Multiple Output (SIMO) transceiver or device, a Multiple Input Single Output (MISO) transceiver or device, a Multi Receiver Chain (MRC) transceiver or device, a transceiver or device having “smart antenna” technology or multiple antenna technology, or the like. 

Some embodiments of the invention may be used in conjunction with one or more types of wireless communication signals and/or systems, for example, Radio Frequency (RF), Infra Red (IR), Frequency-Division Multiplexing (FDM), Orthogonal FDM (OFDM), Time-Division Multiplexing (TDM), Time-Division Multiple Access (TDMA), Extended TDMA (E-TDMA), General Packet Radio Service (GPRS), Extended GPRS, Code-Division Multiple Access (CDMA), Wideband CDMA (WCDMA), CDMA 2000, Multi-Carrier Modulation (MCM), Discrete Multi-Tone (DMT), Bluetooth®, ZigBee™, or the like. Embodiments of the invention may be used in various other apparatuses, devices, systems and/or networks.

Although embodiments of the invention are not limited in this regard, discussions utilizing terms such as, for example, “processing,” “computing,” “calculating,” “determining,” “establishing”, “analyzing”, “checking”, or the like, may refer to operation(s) and/or process(es) of a computer, a computing platform, a computing system, or other electronic computing device, that manipulate and/or transform data represented as physical (e.g., electronic) quantities within the computer's registers and/or memories into other data similarly represented as physical quantities within the computer's registers and/or memories or other information storage medium that may store instructions to perform operations and/or processes.

Although embodiments of the invention are not limited in this regard, the terms “plurality” and “a plurality” as used herein may include, for example, “multiple” or “two or more”. The terms “plurality” or “a plurality” may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like. For example, “a plurality of stations” may include two or more stations.

Turning now to FIG. 1, at 100, is an embodiment of the present invention which provides for an architecture for lawful interception (LI) with the salient network elements for implementing LI as the following:

a) LIS: LI server 140; and

b) LIA: LI agent (in ASN at 135) and (in CSN at 142).

The external law enforcement agency (LEA) 155 shall contact the LIS 140 in a wireless network, such as, but not limited to, an Institute of Electrical and Electronics Engineers (IEEE) 802.16 network (which may also be referred to herein as a WiMAX network), using a secure external interface 150 that is beyond the scope of the WiMAX network. The LIS 140 then may identify the LIA 135 in the serving Access Service Network Gateway (ASN-GW) 110 for the MS 115 via base station 1 120 or base station 2 125. In an embodiment of the present invention, the LIA 135 and 142 may be in both the ASN 130 and the CSN 145. Thus, the LIA can be in 3 places in the CSN: a) the big CSN cloud; b) AAA in the CSN; and c) Home agent (HA) in the CSN.

The LIA 135 then forwards the packets and the security association to the LIS 140 which then forwards them to the law enforcement authorities 155.

Turning now to FIG. 2, shown at 200 is the normal operation of an embodiment of the present invention, which includes law enforcement agency 230, LIS 225, Authentication, Authorization and Accounting (AAA) 220, Anchor Auth 215, Target LIA (aka target ASN) 210 and Serving LIA (aka serving ASN) 205. In this embodiment, the LIS 225 first identifies the MS 235 in question based on the input from the law enforcement agency 230 (this can happen using photographs of the user, telephone number, IP address or other means known to those of ordinary skill in the art); once the MS is identified, the LIA for the MS is then identified by the LIS. Once the LIA is identified, the LIA sends the security association for the MS session to the LIS, which then sends this to the law enforcement agency. Then the LIA encapsulates the MS session packets into a tunnel and sends it to the LIS which then sends it to the LIA.

When a handover happens, the LI context is transferred from the serving ASN's 245 LIA to the target ASN's 240 LIA. The target ASN's 240 LIA now establishes the tunnel with the LIS and continues to forward the data of the MS to the LIS. This way the LIS and LEA continue to get the data for the MS despite the MS handover 250. At some point the LEA may decide to terminate 255 the LI session.
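
The FIG. 2 sequence and the handover behaviour described above, as an added toy model that is not part of the patent: it tracks which LIA holds the LI context and which tunnel the LIS accepts, so that two properties an operator would audit (the context lives in exactly one ASN, and nothing is delivered after termination) can be checked. Class names, method names, the stale-tunnel check and all sample values are assumptions; no real traffic is handled.

```python
# Added illustration (not from the patent): toy model of the FIG. 2 LI flow.
# Class/method names and sample values are hypothetical; no traffic is captured.
from dataclasses import dataclass, field

@dataclass
class LIS:
    tunnel_asn: dict = field(default_factory=dict)  # ms_id -> ASN with live tunnel
    to_lea: list = field(default_factory=list)      # records delivered to the LEA

    def receive_sa(self, ms_id, sa):
        self.to_lea.append(("SA", ms_id, sa))

    def open_tunnel(self, ms_id, asn):
        self.tunnel_asn[ms_id] = asn                # replaces any previous tunnel

    def receive_data(self, ms_id, asn, packet):
        if self.tunnel_asn.get(ms_id) == asn:       # assumption: stale tunnels ignored
            self.to_lea.append(("DATA", asn, packet))

@dataclass
class LIA:
    asn: str
    contexts: dict = field(default_factory=dict)    # ms_id -> security association

    def start(self, ms_id, sa, lis):
        self.contexts[ms_id] = sa
        lis.receive_sa(ms_id, sa)                   # SA first, then session packets
        lis.open_tunnel(ms_id, self.asn)

    def forward(self, ms_id, packet, lis):
        if ms_id in self.contexts:                  # only sessions with LI context
            lis.receive_data(ms_id, self.asn, packet)

    def handover(self, ms_id, target, lis):
        target.contexts[ms_id] = self.contexts.pop(ms_id)  # context moves, not copied
        lis.open_tunnel(ms_id, target.asn)          # target LIA re-establishes tunnel

def run_scenario():
    lis, serving, target = LIS(), LIA("ASN-serving"), LIA("ASN-target")
    serving.start("ms-1", "sa-constructed", lis)    # constructed sample values
    serving.forward("ms-1", b"before-handover", lis)
    serving.handover("ms-1", target, lis)
    serving.forward("ms-1", b"stale", lis)          # dropped: context has moved
    target.forward("ms-1", b"after-handover", lis)
    target.contexts.pop("ms-1")                     # LEA terminates the LI session
    lis.tunnel_asn.pop("ms-1")
    target.forward("ms-1", b"after-terminate", lis) # dropped: no context remains
    return lis.to_lea, serving.contexts, target.contexts
```
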

When working under a virtual private network (VPN) connection through the WiMAX access network to some corporate or other private network, the LEA may get the VPN encrypted packets of this MS. It is then the responsibility of the LEA to contact the private/corporate VPN network to get the keys to the VPN session so as to decrypt the VPN traffic. This operation would be out of the scope of the WiMAX network specification and it is something that would happen between the LEA and the VPN network.

As set forth above, embodiments of the present invention provide a very IP-friendly lawful interception architecture for a WiMAX network. The other key advantage of the present invention is that there is minimal change to the existing WiMAX network architecture. When implemented, the present invention would be very cost effective as it does not require expensive gateways that need to centrally monitor all the traffic leaving the network.

While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention. 

1. An apparatus, comprising: a transceiver operable in a wireless network, wherein said transceiver is configured to enable wireless interception by a predetermined third party without the knowledge of a user of said transceiver.
 2. The apparatus of claim 1, wherein said wireless network is an Institute for Electrical and Electronic Engineers (IEEE) 802.16 wireless network.
 3. The apparatus of claim 2, wherein said apparatus uses a secure external interface that is beyond the scope of said 802.16 wireless network.
 4. The apparatus of claim 1, wherein the operation of said wireless interception includes interception by a law enforcement agency by using a law interception server (LIS), Authentication Authorization and Accounting (AAA), Anchor Auth, Target lawful interception agent LIA and Serving lawful interception agent (LIA) and wherein said LIS first identifies a mobile station (MS) based on input from said law enforcement agency and once said MS is identified, said LIA for said MS is then identified by said LIS and once said LIA is identified, said LIA sends the security association for said MS session to said LIS which then sends this to said law enforcement.
 5. The apparatus of claim 4, where said LIA encapsulates MS session packets into a tunnel and sends it to said LIS which then sends it to said LIA.
 6. The apparatus of claim 5, wherein said input from said law enforcement agency is selected from the list consisting of: photographs of the user, telephone number, or IP address.
 7. The apparatus of claim 6, wherein when a handover happens between two mobile stations, the LI context is transferred from said serving access server network (ASN's) 245 LIA to the target ASN's 240 LIA and then said target ASN's 240 LIA now establishes the tunnel with the LIS and continues to forward the data of the MS to the LIS.
 8. The apparatus of claim 1, wherein when working under a virtual private networks (VPN) connection to some corporate or other private network, said LEA gets the VPN encrypted packets of this MS and it is then the responsibility of said LEA to contact the private/corporate VPN network to get the keys to the VPN session so as to decrypt the VPN traffic.
 9. A method, comprising: enabling wireless interception by a predetermined third party of a wireless transmission by a transceiver operating in a wireless network without knowledge of said interception by a user of said transceiver.
 10. The method of claim 9, wherein said wireless network is an Institute for Electrical and Electronic Engineers (IEEE) 802.16 wireless network.
 11. The method of claim 9, further comprising using by said apparatus a secure external interface that is beyond the scope of said 802.16 wireless network.
 12. The method of claim 9, further comprising intercepting by a law enforcement agency by using a law interception server (LIS), Authentication Authorization and Accounting (AAA), Anchor Auth, Target lawful interception agent LIA and Serving lawful interception agent (LIA) and wherein said LIS first identifies a mobile station (MS) based on input from said law enforcement agency and once said MS is identified, said LIA for said MS is then identified by said LIS and once said LIA is identified, said LIA sends the security association for said MS session to said LIS which then sends this to said law enforcement.
 13. The method of claim 12, further comprising encapsulating by said LIA MS session packets into a tunnel and sending it to said LIS which then sends it to said LIA.
 14. The method of claim 13, further comprising selecting as said input from said law enforcement agency from the list consisting of: photographs of the user, telephone number, or IP address.
 15. The method of claim 13, wherein when a handover happens between two mobile stations, the LI context is transferred from said serving access server network (ASN's) 245 LIA to the target ASN's 240 LIA and then said target ASN's 240 LIA now establishes the tunnel with the LIS and continues to forward the data of the MS to the LIS.
 16. A machine-accessible medium that provides instructions, which when accessed, cause a machine to perform operations comprising: enabling wireless interception by a predetermined third party of a wireless transmission by a transceiver operating in a wireless network without knowledge of said interception by a user of said transceiver.
 17. The machine-accessible medium of claim 16, wherein said wireless network is an Institute for Electrical and Electronic Engineers (IEEE) 802.16 wireless network.
 18. The machine-accessible medium of claim 16, comprising further instructions, which when accessed, further comprise using by said apparatus a secure external interface that is beyond the scope of said 802.16 wireless network.
 19. The machine-accessible medium of claim 16, comprising further instructions, which when accessed, further comprise intercepting by a law enforcement agency by using a law interception server (LIS), Authentication Authorization and Accounting (AAA), Anchor Auth, Target lawful interception agent LIA and Serving lawful interception agent (LIA) and wherein said LIS first identifies a mobile station (MS) based on input from said law enforcement agency and once said MS is identified, said LIA for said MS is then identified by said LIS and once said LIA is identified, said LIA sends the security association for said MS session to said LIS which then sends this to said law enforcement.
 20. The machine-accessible medium of claim 19, comprising further instructions, which when accessed, further comprise encapsulating by said LIA MS session packets into a tunnel and sending it to said LIS which then sends it to said LIA.
 21. The apparatus of claim 1, wherein said LIA is included in either or both said ASN and said CSN.
 22. The apparatus of claim 21, wherein said LIA is in one or more of the following 3 places in the CSN: a) the general CSN; b) the AAA in the CSN; or c) Home agent (HA) in the CSN. 